CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-41315

mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentication on the /modify_crond and /start_task interfaces, it is possible to modify the default built-in scheduled tasks and start them, achieving RCE.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 62.5%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/midoks/mdserver-web/security/advisories/GHSA-3h92-g9hr-xc25
https://github.com/midoks/mdserver-web/security/advisories/GHSA-3h92-g9hr-xc25

Products affected by CVE-2026-41315

Midoks » Mdserver-Web » Version: 0.18.0

cpe:2.3:a:midoks:mdserver-web:0.18.0
Midoks » Mdserver-Web » Version: 0.18.1

cpe:2.3:a:midoks:mdserver-web:0.18.1
Midoks » Mdserver-Web » Version: 0.18.2

cpe:2.3:a:midoks:mdserver-web:0.18.2
Midoks » Mdserver-Web » Version: 0.18.3

cpe:2.3:a:midoks:mdserver-web:0.18.3
Midoks » Mdserver-Web » Version: 0.18.4

cpe:2.3:a:midoks:mdserver-web:0.18.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-41315

Products

Pricing

Contact Us